package example.hellosecurity.config;

import example.hellosecurity.filter.LoginFilter;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

//@Configuration
//@EnableWebSecurity
//@EnableGlobalMethodSecurity(prePostEnabled = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {

        http
                .requestMatchers() // 指定当前`SecurityFilterChain`实例匹配哪些请求
                .anyRequest().and()
                .authorizeRequests() // 拦截请求，创建FilterSecurityInterceptor
                .anyRequest().authenticated() // 在创建过滤器的基础上的一些自定义配置
                .and() // 用and来表示配置过滤器结束，以便进行下一个过滤器的创建和配置
                .formLogin().and() // 设置表单登录，创建UsernamePasswordAuthenticationFilter
                .httpBasic(); // basic验证，创建BasicAuthenticationFilter
        http.addFilterBefore(new LoginFilter(), UsernamePasswordAuthenticationFilter.class);

    }
}
